5.3

CVE-2023-43796

EPSS 0.16%
Published 31.10.2023 17:15:23
Last modified 13.02.2025 17:17:13
Source security-advisories@github.com
Teams watchlist Login
Open Login

Synapse is an open-source Matrix homeserver Prior to versions 1.95.1 and 1.96.0rc1, cached device information of remote users can be queried from Synapse. This can be used to enumerate the remote users known to a homeserver. System administrators are encouraged to upgrade to Synapse 1.95.1 or 1.96.0rc1 to receive a patch. As a workaround, the `federation_domain_whitelist` can be used to limit federation traffic with a homeserver.

Affected products Warnungen 0 Metrics 3 CWE 1 References 8

Data is provided by the National Vulnerability Database (NVD)

Matrix ≫ Synapse Version < 1.95.1

Fedoraproject ≫ Fedora Version38

Fedoraproject ≫ Fedora Version39

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.16%	0.372

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
security-advisories@github.com	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://security.gentoo.org/glsa/202401-12

https://github.com/matrix-org/synapse/commit/daec55e1fe120c564240c5386e77941372bf458f

Patch

https://github.com/matrix-org/synapse/security/advisories/GHSA-mp92-3jfm-3575

Vendor Advisory

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2IDEEZMFJBDLTFHQUTZRJJNCOZGQ2ZVS/

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VH3RNC5ZPQZ4OKPSL4E6BBJSZOQLGDEY/

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2023-43796

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-43796

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-43796

EUVD